Listing of Claims:

1. (currently amended) A method comprising the steps of:

generating a random number, an expected response, and a derived cipher key;
forwarding the random number and a random seed to a base station;
receiving, from the base station, a response to the random number and the random seed;
comparing the response and the expected response;

when the response matches the expected response, encrypting the derived cipher key using an
intrakey and forwarding the encrypted derived cipher key to the base station.

2. (currently amended) The method of claim 1, further comprising the step of, when the
response does not match the expected response, discarding the derived cipher key without
encrypting forwarding the derived cipher key and forwarding the encrypted derived cipher key to
the base station.

3. (original) The method of claim 2, further comprising the step of sending a failed
authentication message to the base station.

4. (original) The method of claim 1, wherein the expected response is generated at least 
indirectly from the random number and the random seed. 

5. (original) The method of claim 1, wherein the derived cipher key is generated at least 
indirectly from the random number and the random seed. 

6. (currently amended) The method of claim 1, wherein the encrypted derived cipher key is
stored at a visited location register.

7. (cancelled)

8. (currently amended) The method of claim 1, wherein the encrypted derived cipher key is
stored at a home location register.

9. (cancelled)

10. (original) The method of claim 1, wherein the steps are performed by a zone controller.

11. (original) The method of claim 1, wherein the steps are performed by a visited location
register.

12. (original) The method of claim 1, wherein the response is generated by a mobile station.

13. (currently amended) The method of claim 1, wherein the base station is located in a zone
and wherein the derived cipher key is encrypted by an intrakey when transferred within the zone
before being forwarded to the base station.

14. (original) The method of claim 1, wherein any of a base site and a TETRA site controller
takes the place of the base station.

15. (original) The method of claim 1, further comprising the steps of:

receiving, from the base station, a second random number generated by a mobile station;

generating a second derived cipher key and a second response to the second random number and 
forwarding the second response to the base station; 

combining the derived cipher key and the second derived cipher key, yielding a third derived 



when a positive authentication message is received from the base station, forwarding the third 
derived cipher key to the base station. 

16. (currently amended) A method performed by any of a base station and comprising the 
steps of: 

receiving an authentication request from a mobile station;
determining whether to forward the request to an authentication agent;

when it is determined to forward the request, forwarding the request to the authentication agent;

receiving a random number and a random seed from the authentication agent;

forwarding the random number and the random seed to the mobile station;

receiving a response to the random number and the random seed from the mobile station and
forwarding the response to the authentication agent;

when the authentication agent authenticates the mobile station, receiving a derived cipher key,
which is encrypted by an intrakey, from the authentication agent;

encrypting messages to the mobile station and decrypting messages from the mobile station with 
the derived cipher key. 



17. (original) The method of claim 16, further comprising the step of, when the
authentication agent sends a negative authentication to the base station, forwarding the negative
authentication to the mobile station.

18. (original) The method of claim 16, wherein the authentication agent is a zone controller.

19. (original) The method of claim 16, wherein the authentication agent is a visited location
register.

20. (currently amended) The method of claim 16, wherein the base station is located in a
zone and wherein the derived cipher key is encrypted by an intrakey when transferred within the
zone before being forwarded to the base station.

21. (original) The method of claim 16, wherein any of a base site and a TETRA site
controller takes the place of the base station.



22. (original) The method of claim 16: 
receiving a second random number from a mobile station; 



forwarding the second random number to the authentication agent;

receiving a second response to the second random number from the authentication agent;

forwarding the second response to the mobile station;

when the mobile station authenticates the infrastructure, forwarding an authenticated message to
the authentication agent;

receiving a second derived cipher key from the authentication agent;

encrypting messages to the mobile station and decrypting messages from the mobile station with 
the second derived cipher key. 

23. (currently amended) A method comprising the steps of:

receiving, from a base station, a random number generated by a mobile station;

using a random seed, generating a derived cipher key and a response to the random number and
forwarding the random seed and the response to the base station;

when a positive authentication message is received from the base station, encrypting the derived
cipher key using an intrakey and forwarding the encrypted derived cipher key to the base station.

24. (currently amended) The method of claim 23, further comprising the step of, when a
negative authentication message is received from the base station, discarding the derived cipher
key without encrypting forwarding the derived cipher key and forwarding the encrypted derived
cipher key to the base station.

25. (original) The method of claim 23, wherein the response is generated at least indirectly
from the random number and the random seed.

26. (original) The method of claim 23, wherein the derived cipher key is generated at least
indirectly from the random number and the random seed.

27. (currently amended) The method of claim 23, wherein the encrypted derived cipher key
is stored at a visited location register.

28. (cancelled) 

29. (currently amended) The method of claim 23, wherein the encrypted derived cipher key 
is stored at a home location register. 

30. (cancelled) 

31. (original) The method of claim 23, wherein the steps are performed by a zone controller.

32. (original) The method of claim 23, wherein the steps are performed by a visited location
register.

33. (currently amended) The method of claim 23, wherein the base station is located in a
zone and wherein the derived cipher key is encrypted by an intrakey when transferred within the
zone before being forwarded to the base station.

34. (original) The method of claim 23, wherein any of a base site and a TETRA site
controller takes the place of the base station.

35. (original) The method of claim 23, wherein the method is of a mutual authentication
process.

36. (currently amended) A method performed by a base station and comprising the steps of: 
receiving a random number from a mobile station; 

forwarding the random number to an authentication agent;
receiving a response to the random number and a random seed from the authentication agent;
forwarding the response and the random seed to the mobile station;

when the mobile station authenticates the infrastructure, forwarding an authenticated message to
the authentication agent;

receiving a derived cipher key, which is encrypted by an intrakey, from the authentication agent;

encrypting messages to the mobile station and decrypting messages from the mobile station with
a derived cipher key. 

37. (original) The method of claim 36, further comprising the step of, when the mobile
station sends a negative authentication to the base station, forwarding the negative authentication
to the authentication agent, which discards the derived cipher key.

38. (original) The method of claim 36, wherein the authentication agent is a zone controller.

39. (original) The method of claim 36, wherein the authentication agent is a visited location
register.

40. (currently amended) The method of claim 36, wherein the base station is located in a
zone and wherein the derived cipher key is encrypted by an intrakey when transferred within the
zone before being forwarded to the base station.

41. (original) The method of claim 36, wherein any of a base site and a TETRA site
controller takes the place of the base station.

42. (currently amended) A system comprising:

a first system device in a first zone of the system, the first system device comprised of memory
for storing:

first zone session authentication information,

a first key for encrypting at least one of key material and a part of the first zone session
authentication information for transport in real-time to another system device in the first
zone, and

a second key, which is an interkey, for encrypting at least a segment of the first zone
session authentication information for transport to a system device in a zone other than the
first zone;

a second system device comprised of memory for storing the first zone session authentication
information at least partially in an encrypted form.

43. (original) The system of claim 42, wherein the first system device is a zone controller.



44. (original) The system of claim 42, wherein the first system device is a visited location 
register. 

45. (original) The system of claim 42, wherein the first system device is a home location 
register. 

46. (original) The system of claim 42, wherein the second system device is a zone manager. 

47. (original) The system of claim 42, wherein the another system device in the first zone is 
any of a base station, a base site, and a TETRA site controller. 

48. (original) The system of claim 42, wherein the first zone session authentication
information is stored at least partially encrypted in the first system device.

49. (original) The system of claim 42, wherein the first key is an intrakey associated with the
first zone.

50. (original) The system of claim 42, wherein the first key is an interkey.

51. (cancelled) 

52. (original) The system of claim 42, further comprising: 

a third system device in a second zone of the system, the third system device comprised of
memory for storing:

second zone session authentication information,

a third key for encrypting at least one of key material and a part of the second zone
session authentication information for transport in real-time to another system device in the
second zone, and

the second key for encrypting at least a segment of the second zone session authentication
information for transport to a system device in a zone other than the second zone.

53. (original) The system of claim 52, wherein the third system device is a zone controller.

54. (original) The system of claim 52, wherein the third system device is a visited location 
register. 

55. (original) The system of claim 52, wherein the third system device is a home location
register.

56. (original) The system of claim 52, wherein the another system device in the second zone
is any of a base station, a base site, and a TETRA site controller.

57. (original) The system of claim 52, wherein the second zone session authentication
information is stored at least partially encrypted in the third system device.

58. (original) The system of claim 52, wherein the third key is an intrakey associated with
the second zone.

59. (original) The system of claim 52, further comprising a fourth system device comprised
of memory for storing the second zone session authentication information at least partially in
encrypted form.

60. (original) The system of claim 59, wherein the fourth system device is a zone manager.

61. (original) The system of claim 59, further comprising a fifth system device comprised of
memory for storing system session authentication information comprising at least the first zone
session authentication information and the second zone session authentication information at
least partially in encrypted form.

62. (original) The system of claim 61, wherein the fifth system device is a user configuration 
server. 

63. (original) The system of claim 61, further comprising: 
a sixth system device comprised of: 

memory for storing authentication key information;

a processor, operably coupled to the memory, the processor arranged and constructed to
generate the system session authentication information from the authentication key
information, and encrypt the system session authentication information for transport to at
least the fifth system device in non-real-time.

64. (original) The system of claim 63, wherein the sixth system device is an authentication
center.

65. (original) The system of claim 63, wherein the sixth system device is a key management
facility. 

66. (original) The system of claim 63, wherein the authentication key information is 
hardware encrypted before storage in the sixth device. 

67. (original) The system of claim 63, wherein the session authentication information 
comprises at least two keys utilized in an encryption authentication process. 

68. (currently amended) A method comprising the steps of: 

generating session authentication information for each of a plurality of authentication keys for 
use in a communication system; 

encrypting the session authentication information using an interkey;

forwarding the encrypted session authentication information to a storage device for access in a
non-real-time manner.

69. (original) The method of claim 68, further comprising the step of storing the plurality of 
keys as encrypted data. 

70. (original) The method of claim 69, wherein at least one of the plurality of keys is
encrypted by a hardware-based encryption device.

71. (original) The method of claim 68, wherein the session authentication information is
encrypted by a software-based encryption device.

72. (cancelled) 

73. (original) The method of claim 68, wherein the storage device is a user configuration
server. 

74. (original) The method of claim 68, further comprising the step of forwarding, by the 
storage device, at least a part of the encrypted session authentication information to a first system
device at a zone in the communication system in a non-real-time manner. 

75. (original) The method of claim 74, wherein the part of the encrypted session 
authentication information includes session authentication information for at least one mobile 
station registered at the zone.

76. (original) The method of claim 74, further comprising the step of forwarding, by the first 
system device, at least some of the at least a part of the encrypted session authentication 
information to a home location register at the zone in a non-real-time manner.

77. (original) The method of claim 76, further comprising the step of decrypting, by the 
second system device, the at least some of the at least a part of the encrypted session
authentication information, yielding decrypted session authentication information. 

78. (original) The method of claim 77, further comprising the step of encrypting, by the 
second system device, at least a part of the decrypted session authentication information, 
yielding re-encrypted session authentication information. 

79. (original) The method of claim 78 wherein the step of encrypting at least the part of the
decrypted session authentication information comprises the step of encrypting the at least the
part of the decrypted session authentication information using an intrakey.

80. (original) The method of claim 78, wherein the step of encrypting at least the part of the
decrypted session authentication information comprises the step of encrypting the at least the
part of the decrypted session authentication information using an interkey.

81. (original) The method of claim 78, further comprising the step of forwarding, by the
second system device, the re-encrypted session authentication information to a third system
device in a real-time manner.

82. (original) The system of claim 78, wherein the session authentication information
comprises at least two keys utilized in an encryption authentication process.

83. (previously presented) A system comprising:

a key management facility, arranged and constructed to store an authentication key for each
mobile station residing in the system; 

a user configuration server, operably coupled to the key management facility, arranged and 
constructed to store and distribute session authentication information for each mobile station 
residing in the system; 

a zone manager, operably coupled to the user configuration server, arranged and constructed to 
store relevant session authentication information for a zone managed by the zone manager and to 
distribute the relevant session authentication information to a home location register within a 
zone controller for the zone; 

wherein the key management facility, user configuration server, and the zone manager are
arranged and constructed to provide the session authentication information to each other or to a
zone in the event of a fault in the system;

wherein the home location register is arranged and constructed to continue to provide
authentication and support secure communications in the event of a fault at any of the key
management facility, user configuration server, and the zone manager.

84. (original) The system of claim 83, further comprising a visited location register, arranged
and constructed to continue to provide authentication and support secure communications in the
event of a fault at any of the key management facility, user configuration server, and the zone
manager, and wherein at least part of the relevant session authentication information is
distributed to the visited location register.

85. (original) The system of claim 83, wherein the zone controller generates a derived cipher
key from the session authentication information during an authentication process. 

86. (original) The system of claim 83, wherein the session authentication information 
comprises at least two keys utilized in an encryption authentication process. 

87. (previously presented) A system comprising: 

a plurality of first-level system devices, arranged and constructed to encrypt, store, and forward 
at least some session authentication information in a non-real-time manner, wherein at least one
of the plurality of first-level system devices is arranged and constructed to encrypt the session
authentication information using an interkey;

a plurality of second-level system devices, arranged and constructed to receive at least a part of
the session authentication information from at least one of the plurality of first-level system
devices in a real-time manner.



88. (original) The system of claim 87, wherein at least one of the plurality of first-level 
system devices generates the session authentication information. 

89. (original) The system of claim 87, wherein the plurality of second-level system devices 
authenticates one or more mobile stations in a real-time manner based on the session 
authentication information. 




Appl. No. 0a^85722 Docket No. CM04ai 2H 

Amdt. Dated June 14, 2005 Customer No. 22917

Reply to Office Action of April 14, 2005

90. (original) The system of claim 87, wherein the plurality of first-level system devices
comprises a key management facility, a user configuration server, and at least one zone manager.

91. (original) The system of claim 87, wherein the plurality of second-level system devices
comprises at one zone controller and at least one base station.

92. (cancelled) 

93. (original) The system of claim 87, wherein the plurality of second-level system devices 
is arranged and constructed to encrypt at least a segment of the session authentication
information using an interkey when the encrypted session authentication information is 
forwarded to a system device in a zone other than the zone in which the forwarding device is 
located. 

94. (original) The system of claim 87, wherein the plurality of second-level system devices 
is arranged and constructed to encrypt at least a segment of the session authentication 
information using one of an intrakey and an interkey when the encrypted session authentication
information is forwarded to a system device in a zone in which the forwarding device is located.

95. (withdrawn) A method comprising the steps of: 

receiving, from a mobile station, a request to communicate in a communication system; 
determining whether the request is encrypted; 

when the request is not encrypted, sending a request to authenticate the mobile station to an 
infrastructure device in the communication system; 

when the request is encrypted, determining whether the mobile station is powering up;

when the mobile station is powering up and the request is encrypted, sending a request to
authenticate the mobile station to the infrastructure device in the communication system;

when the mobile station is not powering up and the request is encrypted, determining whether the 
request is encrypted using a valid key; 

when the mobile station is not powering up and the request is encrypted using a valid key, 
permitting the mobile station access to the system without requesting authentication. 

96. (withdrawn) The method of claim 95, further comprising the steps of: 

storing authentication requests during a time period when the infrastructure device is not
available;

when the infrastructure device becomes available, forwarding the stored authentication requests
to the infrastructure device.

97. (withdrawn) A method comprising the steps of:

receiving, from a mobile station, a request to communicate in a communication system; 
determining whether the mobile station is powering up; 

when the mobile station is powering up, sending a request to authenticate the mobile station to an 
infrastructure device in the communication system; 

when the mobile station is not powering up, determining whether the request is encrypted; 

when the request is not encrypted, sending a request to authenticate the mobile station to an
infrastructure device in the communication system;

when the mobile station is not powering up and the request is encrypted, determining whether the
request is encrypted using a valid key; 

when the mobile station is not powering up and the request is encrypted using a valid key, 
permitting the mobile station access to the system without requesting authentication. 

98. (withdrawn) The method of claim 97, further comprising the steps of: 

storing authentication requests during a time period when the infrastructure device is not 
available; 

when the infrastructure device becomes available, forwarding the stored authentication requests
to the infrastructure device. 
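
The exchange recited in claims 1-3 and 16-17, as an added Python example that is not part of the filing: the authentication agent issues the challenge, compares the response, and releases the derived cipher key to the base station only in intrakey-encrypted form. The claims name no algorithms, so the HMAC-SHA256 derivations and the HMAC keystream-plus-tag cipher are assumed stand-ins, and all class, function and message names are hypothetical.

```python
# Added illustration of claims 1-3 and 16-17; not code from the filing.
# Assumed stand-ins: HMAC-SHA256 derivations, HMAC keystream + tag as the cipher.
import hashlib
import hmac
import secrets

def prf(key, label, *parts):
    """Keyed derivation over length-prefixed inputs (stand-in function)."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in (label, *parts))
    return hmac.new(key, data, hashlib.sha256).digest()

def session_key(auth_key, seed):
    """Session authentication information derived from the authentication key."""
    return prf(auth_key, b"session", seed)

def derive(ks, rand):
    """Return (response, derived cipher key) for one challenge."""
    return prf(ks, b"response", rand)[:4], prf(ks, b"dck", rand)[:10]

def wrap(intrakey, key):
    """Encrypt a key under the zone intrakey: nonce || ciphertext || tag."""
    if len(key) > 32:
        raise ValueError("stand-in keystream covers at most 32 bytes")
    nonce = secrets.token_bytes(12)
    body = bytes(a ^ b for a, b in zip(key, prf(intrakey, b"enc", nonce)))
    return nonce + body + prf(intrakey, b"mac", nonce, body)[:16]

def unwrap(intrakey, blob):
    nonce, body, tag = blob[:12], blob[12:-16], blob[-16:]
    if not hmac.compare_digest(tag, prf(intrakey, b"mac", nonce, body)[:16]):
        raise ValueError("wrapped key failed its integrity check")
    return bytes(a ^ b for a, b in zip(body, prf(intrakey, b"enc", nonce)))

class AuthenticationAgent:
    """Zone controller or VLR role: holds the session key, not the authentication key."""
    def __init__(self, ks, seed, intrakey):
        self.ks, self.seed, self.intrakey = ks, seed, intrakey
        self.pending = None

    def challenge(self):
        rand = secrets.token_bytes(10)
        self.pending = derive(self.ks, rand)   # (expected response, DCK)
        return rand, self.seed                 # forwarded to the base station

    def verify(self, response):
        if self.pending is None:
            raise RuntimeError("no outstanding challenge")
        expected, dck = self.pending
        self.pending = None                    # one attempt per challenge
        if not hmac.compare_digest(response, expected):
            return {"type": "AUTH_FAILED"}     # claims 2-3: DCK discarded
        return {"type": "AUTH_OK", "wrapped_dck": wrap(self.intrakey, dck)}

class MobileStation:
    def __init__(self, auth_key):
        self.auth_key, self.dck = auth_key, None
    def respond(self, rand, seed):
        response, self.dck = derive(session_key(self.auth_key, seed), rand)
        return response

def authenticate(agent, mobile, intrakey):
    """Base station role (claim 16): relay messages, unwrap the DCK on success."""
    rand, seed = agent.challenge()
    result = agent.verify(mobile.respond(rand, seed))
    dck = unwrap(intrakey, result["wrapped_dck"]) if result["type"] == "AUTH_OK" else None
    return result, dck

def demo():
    k, seed, intrakey = (secrets.token_bytes(n) for n in (16, 10, 16))  # constructed
    agent = AuthenticationAgent(session_key(k, seed), seed, intrakey)
    genuine, impostor = MobileStation(k), MobileStation(secrets.token_bytes(16))
    ok, bs_dck = authenticate(agent, genuine, intrakey)
    bad, no_dck = authenticate(agent, impostor, intrakey)
    return ok["type"], bs_dck == genuine.dck, bad, no_dck
```

In the failure branch the message returned to the base station carries no key material at all, which is the property claims 2 and 24 add.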